mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2025-02-10 21:40:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

PPP, magic, using magic_random_bytes() for CHAP/MSCHAP/EAP instead of for-loop byte where possible

Browse Source
This commit is contained in:
Sylvain Rochet 2015-08-30 20:16:50 +02:00
parent e8399416ae
commit a24f4421d6
3 changed files with 15 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/netif/ppp/chap-new.c
View File

@ -179,7 +179,7 @@ void chap_auth_peer(ppp_pcb *pcb, const char *our_name, int digest_code) {
pcb->chap_server.digest = dp; pcb->chap_server.digest = dp;
pcb->chap_server.name = our_name; pcb->chap_server.name = our_name;
/* Start with a random ID value */ /* Start with a random ID value */
pcb->chap_server.id = (u8_t)magic_pow(8); pcb->chap_server.id = magic();
pcb->chap_server.flags |= AUTH_STARTED; pcb->chap_server.flags |= AUTH_STARTED;
if (pcb->chap_server.flags & LOWERUP) if (pcb->chap_server.flags & LOWERUP)
chap_timeout(pcb); chap_timeout(pcb);

5
src/netif/ppp/chap_ms.c
View File

@ -866,8 +866,6 @@ static void ChapMS2(ppp_pcb *pcb, u_char *rchallenge, u_char *PeerChallenge,
char *user, char *secret, int secret_len, unsigned char *response, char *user, char *secret, int secret_len, unsigned char *response,
u_char authResponse[], int authenticator) { u_char authResponse[], int authenticator) {
/* ARGSUSED */ /* ARGSUSED */
u_char *p = &response[MS_CHAP2_PEER_CHALLENGE];
int i;
LWIP_UNUSED_ARG(authenticator); LWIP_UNUSED_ARG(authenticator);
#if !MPPE_SUPPORT #if !MPPE_SUPPORT
LWIP_UNUSED_ARG(pcb); LWIP_UNUSED_ARG(pcb);
@ -877,8 +875,7 @@ static void ChapMS2(ppp_pcb *pcb, u_char *rchallenge, u_char *PeerChallenge,
/* Generate the Peer-Challenge if requested, or copy it if supplied. */ /* Generate the Peer-Challenge if requested, or copy it if supplied. */
if (!PeerChallenge) if (!PeerChallenge)
for (i = 0; i < MS_CHAP2_PEER_CHAL_LEN; i++) magic_random_bytes(&response[MS_CHAP2_PEER_CHALLENGE], MS_CHAP2_PEER_CHAL_LEN);
*p++ = (u_char)magic_pow(8);
else else
MEMCPY(&response[MS_CHAP2_PEER_CHALLENGE], PeerChallenge, MEMCPY(&response[MS_CHAP2_PEER_CHALLENGE], PeerChallenge,
MS_CHAP2_PEER_CHAL_LEN); MS_CHAP2_PEER_CHAL_LEN);

38
src/netif/ppp/eap.c
View File

@ -204,7 +204,7 @@ static void eap_init(ppp_pcb *pcb) {
BZERO(&pcb->eap, sizeof(eap_state)); BZERO(&pcb->eap, sizeof(eap_state));
#if PPP_SERVER #if PPP_SERVER
pcb->eap.es_server.ea_id = (u_char)magic_pow(8); pcb->eap.es_server.ea_id = magic();
#endif /* PPP_SERVER */ #endif /* PPP_SERVER */
} }
@ -646,9 +646,8 @@ static void eap_send_request(ppp_pcb *pcb) {
struct pbuf *p; struct pbuf *p;
u_char *outp; u_char *outp;
u_char *lenloc; u_char *lenloc;
u_char *ptr;
int outlen; int outlen;
int challen; int len;
const char *str; const char *str;
#ifdef USE_SRP #ifdef USE_SRP
struct t_server *ts; struct t_server *ts;
@ -712,9 +711,9 @@ static void eap_send_request(ppp_pcb *pcb) {
case eapIdentify: case eapIdentify:
PUTCHAR(EAPT_IDENTITY, outp); PUTCHAR(EAPT_IDENTITY, outp);
str = "Name"; str = "Name";
challen = strlen(str); len = strlen(str);
MEMCPY(outp, str, challen); MEMCPY(outp, str, len);
INCPTR(challen, outp); INCPTR(len, outp);
break; break;
case eapMD5Chall: case eapMD5Chall:
@ -723,13 +722,10 @@ static void eap_send_request(ppp_pcb *pcb) {
* pick a random challenge length between * pick a random challenge length between
* EAP_MIN_CHALLENGE_LENGTH and EAP_MAX_CHALLENGE_LENGTH * EAP_MIN_CHALLENGE_LENGTH and EAP_MAX_CHALLENGE_LENGTH
*/ */
challen = EAP_MIN_CHALLENGE_LENGTH + pcb->eap.es_challen = EAP_MIN_CHALLENGE_LENGTH +
magic_pow(EAP_MIN_MAX_POWER_OF_TWO_CHALLENGE_LENGTH); magic_pow(EAP_MIN_MAX_POWER_OF_TWO_CHALLENGE_LENGTH);
PUTCHAR(challen, outp); PUTCHAR(pcb->eap.es_challen, outp);
pcb->eap.es_challen = challen; magic_random_bytes(pcb->eap.es_challenge, pcb->eap.es_challen);
ptr = pcb->eap.es_challenge;
while (--challen >= 0)
*ptr++ = (u_char)magic_pow(8);
MEMCPY(outp, pcb->eap.es_challenge, pcb->eap.es_challen); MEMCPY(outp, pcb->eap.es_challenge, pcb->eap.es_challen);
INCPTR(pcb->eap.es_challen, outp); INCPTR(pcb->eap.es_challen, outp);
MEMCPY(outp, pcb->eap.es_server.ea_name, pcb->eap.es_server.ea_namelen); MEMCPY(outp, pcb->eap.es_server.ea_name, pcb->eap.es_server.ea_namelen);
@ -813,10 +809,7 @@ static void eap_send_request(ppp_pcb *pcb) {
if (i > 0) { if (i > 0) {
MEMCPY(clear, cp, i); MEMCPY(clear, cp, i);
cp += i; cp += i;
while (i < 8) { magic_random_bytes(cp, 8-i);
*cp++ = magic_pow(8);
i++;
}
/* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */ /* FIXME: if we want to do SRP, we need to find a way to pass the PolarSSL des_context instead of using static memory */
(void) DesEncrypt(clear, cipher); (void) DesEncrypt(clear, cipher);
outp += b64enc(&b64, cipher, 8, outp); outp += b64enc(&b64, cipher, 8, outp);
@ -828,10 +821,8 @@ static void eap_send_request(ppp_pcb *pcb) {
*optr = i; *optr = i;
i %= SHA_DIGESTSIZE; i %= SHA_DIGESTSIZE;
if (i != 0) { if (i != 0) {
while (i < SHA_DIGESTSIZE) { magic_random_bytes(outp, SHA_DIGESTSIZE-i);
*outp++ = magic_pow(8); INCPTR(SHA_DIGESTSIZE-i, outp);
i++;
}
} }
/* Obscure the pseudonym with SHA1 hash */ /* Obscure the pseudonym with SHA1 hash */
@ -859,12 +850,9 @@ static void eap_send_request(ppp_pcb *pcb) {
case eapSRP4: case eapSRP4:
PUTCHAR(EAPT_SRP, outp); PUTCHAR(EAPT_SRP, outp);
PUTCHAR(EAPSRP_LWRECHALLENGE, outp); PUTCHAR(EAPSRP_LWRECHALLENGE, outp);
challen = EAP_MIN_CHALLENGE_LENGTH + pcb->eap.es_challen = EAP_MIN_CHALLENGE_LENGTH +
magic_pow(EAP_MIN_MAX_POWER_OF_TWO_CHALLENGE_LENGTH); magic_pow(EAP_MIN_MAX_POWER_OF_TWO_CHALLENGE_LENGTH);
pcb->eap.es_challen = challen; magic_random_bytes(pcb->eap.es_challenge, pcb->eap.es_challen);
ptr = pcb->eap.es_challenge;
while (--challen >= 0)
*ptr++ = magic_pow(8);
MEMCPY(outp, pcb->eap.es_challenge, pcb->eap.es_challen); MEMCPY(outp, pcb->eap.es_challenge, pcb->eap.es_challen);
INCPTR(pcb->eap.es_challen, outp); INCPTR(pcb->eap.es_challen, outp);
break; break;